diffstat for systemd-232 systemd-232 changelog | 392 +++++++++- gbp.conf | 7 patches/apertis/Don-t-use-V-argument-to-sort.patch | 26 patches/fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch | 23 patches/mount-util-accept-that-name_to_handle_at-might-fail-with-.patch | 46 + patches/series | 3 rules | 2 source/options | 1 8 files changed, 497 insertions(+), 3 deletions(-) diff -Nru systemd-232/debian/changelog systemd-232/debian/changelog --- systemd-232/debian/changelog 2017-06-04 20:58:32.000000000 +0000 +++ systemd-232/debian/changelog 2018-10-29 10:19:51.000000000 +0000 @@ -1,5 +1,33 @@ +systemd (232-25co2) apertis; urgency=medium + + * Adjust the breaks for an Ubuntu based packaging + systemd breaks on nfs-common due to the older package shipping rcS, the + debian based systemd package doesn't take into account the Ubuntu + derivative versioning which got the fixes earlier + Signed-off-by: Sjoerd Simons + * Fixup the meta-closes-bugnum regexp. + Signed-off-by: Sjoerd Simons + + -- Sjoerd Simons Mon, 29 Oct 2018 11:10:36 +0100 + +systemd (232-25co1) unstable; urgency=medium + + [ Simon McVittie ] + * Merge from Debian stretch. Remaining changes: + - .arcconfig: add + - debian/gbp.conf: configure for Apertis + - debian/source/options: exclude .arcconfig + + [ Sjoerd Simons ] + * debian/patches/apertis/Don-t-use-V-argument-to-sort.patch + - Don't use -V to sort as that's not supported by the GPLv2 version but can + typically be dropped without harm + + -- Sjoerd Simons Tue, 11 Jul 2017 09:50:09 +0200 + systemd (232-25) unstable; urgency=medium + * hwdb: Use path_join() to generate the hwdb_bin path. This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having double slashes in the path makes selabel_lookup_raw() return the wrong 
@@ -1058,7 +1086,6 @@ -- Martin Pitt Thu, 12 May 2016 09:40:19 +0200 systemd (229-5) unstable; urgency=medium - * debian/tests/unit-config: Call "daemon-reload" to clean up generated units in between tests. * debian/tests/unit-config: Check that enable/disable commands are 
@@ -1109,6 +1136,319 @@ -- Martin Pitt Mon, 25 Apr 2016 11:08:11 +0200 +systemd (229-4ubuntu11co1) 16.12; urgency=medium + + * Merge from Ubuntu xenial-updates. Remaining changes: + - d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch: + fix build-time tests on machines without IPv6. + - debian/rules: make tests non-fatal. (See T2449) + - debian/gbp.conf: configure for Apertis. + - .arcconfig: add. + - debian/source/options: exclude .arcconfig from Debian diff. + - d/p/Update-localed-to-use-the-Debian-config-files.patch: modify + patch to tolerate a missing /etc/default/keyboard. Apertis does + not ship that file. (Apertis: T2326) + + -- Andrew Shadura Wed, 26 Oct 2016 12:10:34 +0200 + +systemd (229-4ubuntu11) xenial; urgency=medium + + * 73-usb-net-by-mac.rules: Split kernel command line import line. + Reportedly this makes the rule actually work on some platforms. Thanks + Alp Toker! (LP: #1593379) + * fsckd: Do not exit on idle timeout if there are still clients connected + (Closes: #788050, LP: #1547844) + * libnss-*.prerm: Remove possible [key=value] options from NSS modules as + well. (LP: #1625584) + * Backport networkd 231. Compared to 229 this has a lot of fixes, some of + which we need for good netplan support. Backporting them individually + would be a lot more work and a lot less robust, and we did not use/support + networkd in 16.04 so far. Drop the other network related patches as they + are included in this backport now. (LP: #1627641) + * debian/tests/networkd: Re-enable the the DHCPv6 tests. The DHCPv6 + behaviour is fixed with the above backport now. + * pid1: process zero-length notification messages again. Just remove the + assertion, the "n" value was not used anyway. This fixes a local DoS due + to unprocessed/unclosed fds which got introduced by the previous fix. + (LP: #1628687) + * pid1: Robustify manager_dispatch_notify_fd(). 
If + manager_dispatch_notify_fd() fails and returns an error then the handling + of service notifications will be disabled entirely leading to a + compromised system. (side issue of LP: #1628687) + + -- Martin Pitt Tue, 04 Oct 2016 21:43:04 +0200 + +systemd (229-4ubuntu10co2) 16.12; urgency=medium + + [ Andrew Shadura ] + * Backport security patches from Ubuntu and Debian for + LP: #1628687 / Debian bug #839171. + + [ Martin Pitt ] + * Replace "zero notify message" patch with upstream patch + * pid1: process zero-length notification messages again (LP: #1628687) + * pid1: Robustify manager_dispatch_notify_fd() + + -- Andrew Shadura Mon, 03 Oct 2016 11:30:06 +0200 + +systemd (229-4ubuntu10co1) 16.12; urgency=medium + + * Merge from Ubuntu xenial-updates. Remaining changes: + - d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch: + fix build-time tests on machines without IPv6. + - debian/rules: make tests non-fatal. (See T2449) + - debian/gbp.conf: configure for Apertis. + - .arcconfig: add. + - debian/source/options: exclude .arcconfig from Debian diff. + - d/p/Update-localed-to-use-the-Debian-config-files.patch: modify + patch to tolerate a missing /etc/default/keyboard. Apertis does + not ship that file. (Apertis: T2326) + + -- Andrew Shadura Thu, 29 Sep 2016 15:14:10 +0200 + +systemd (229-4ubuntu10) xenial; urgency=medium + + * SECURITY UPDATE: zero-length notify message triggers abort/denial of + service + - systemd-dont_assert_on_zero_length_message-lp1628687.patch: change + assert to simple return + log (LP: #1628687) + - Thanks to Jorge Niedbalski for + the patch. + + -- Steve Beattie Wed, 28 Sep 2016 14:21:42 -0700 + +systemd (229-4ubuntu8co1) 16.12; urgency=medium + + * Merge from Ubuntu xenial-updates. Remaining changes: + - d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch: + fix build-time tests on machines without IPv6. + - debian/rules: make tests non-fatal. (See T2449) + - debian/gbp.conf: configure for Apertis. 
+ - .arcconfig: add. + - debian/source/options: exclude .arcconfig from Debian diff. + - d/p/Update-localed-to-use-the-Debian-config-files.patch: modify + patch to tolerate a missing /etc/default/keyboard. Apertis does + not ship that file. (Apertis: T2326) + + -- Andrew Shadura Thu, 29 Sep 2016 09:23:07 +0200 + +systemd (229-4ubuntu8) xenial-proposed; urgency=medium + + * Queue loading transient units after setting their properties. Fixes + starting VMs with libvirt. (LP: #1529079) + * Connect pid1's stdin/out/err fds to /dev/null also for containers. This + fixes generators which expect a valid stdout/err fd in some container + technologies. (LP: #1608953) + * 73-usb-net-by-mac.rules: Do not run readlink for *every* uevent, and + merely check if /etc/udev/rules.d/80-net-setup-link.rules exists. + A common way to disable an udev rule is to just "touch" it in + /etc/udev/rule.d/ (i. e. empty file), and if the rule is customized we + cannot really predict anyway if the user wants MAC-based USB net names or + not. (LP: #1615021) + * systemd-networkd-resolvconf-update.service: Also pick up DNS servers from + individual link leases, as they sometimes don't appear in the global + ifstate. (LP: #1620559) + + -- Martin Pitt Tue, 06 Sep 2016 14:16:29 +0200 + +systemd (229-4ubuntu7co1) 16.09; urgency=medium + + * Merge from Ubuntu xenial-updates. Remaining changes: + - d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch: + fix build-time tests on machines without IPv6. + - debian/rules: make tests non-fatal. (See T2449) + - debian/gbp.conf: configure for Apertis. + - .arcconfig: add. + - debian/source/options: exclude .arcconfig from Debian diff. + - d/p/Update-localed-to-use-the-Debian-config-files.patch: modify + patch to tolerate a missing /etc/default/keyboard. Apertis does + not ship that file. 
(Apertis: T2326) + + -- Andrew Lee (李健秋) Wed, 10 Aug 2016 02:04:51 +0800 + +systemd (229-4ubuntu7) xenial-proposed; urgency=medium + + * Add pre-dependency to dpkg >= 1.17.14 on udev, to ensure that + dpkg-maintscript-helper symlink_to_dir is available. (LP: #1585406) + * Add activation rate limiting for socket units. (LP: #1568094) + * Split out udev rule to name USB network interfaces by MAC address into + 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025) + * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the + kernel command line or if /etc/udev/rules.d/80-net-setup-link.rules is a + symlink to /dev/null, to be consistent with disabling the *.link files and + the documented way to disable ifnames. (Closes: #824491, LP: #1593379) + * coredump: Fix "Coredump file descriptor missing". (LP: #1602256) + + -- Martin Pitt Tue, 12 Jul 2016 17:37:25 +0200 + +systemd (229-4ubuntu6) xenial-proposed; urgency=medium + + * Add a DHCP exit hook for pushing received NTP servers into timesyncd. + (LP: #1578663) + * Revert "enable TasksMax= for all services by default, and set it to 512". + Introducing a default limit on number of threads broke a lot of software + which regularly needs more, such as MySQL and RabbitMQ, or services that + spawn off an indefinite number of subtasks that are not in a scope, like + LXC or cron. 512 is way too much for most "simple" services, and it's way + too little for the ones mentioned above. Effective (and much stricter) + limits should instead be put into units individually. + (Closes: #823530, LP: #1578080) + * debian/gbp.conf: Switch to ubuntu-xenial branch. 
+ + -- Martin Pitt Thu, 12 May 2016 10:39:30 +0200 + +systemd (229-4ubuntu5co4) 16.09; urgency=medium + + * debian/gbp.conf: use DEP-14 upstream branch upstream/latest + * debian/gbp.conf: dch: use Apertis bug- and task-closing markers + * d/p/Update-localed-to-use-the-Debian-config-files.patch: modify patch + to tolerate a missing /etc/default/keyboard. Apertis does not ship + that file. (Apertis: T2326) + + -- Simon McVittie Tue, 09 Aug 2016 13:33:19 +0100 + +systemd (229-4ubuntu5co3) 16.09; urgency=medium + + * Adjust 229-4ubuntu5co2 changelog: this change never made it into + 16.06, use 16.09 as target suite instead. + + -- Simon McVittie Fri, 22 Jul 2016 16:09:29 +0100 + +systemd (229-4ubuntu5co2) 16.09; urgency=medium + + * debian/ln-s-r.py: remove leftover part of our old patch to + build successfully with old GPLv2 coreutils + * Restore Apertis changelog entries from v219 + * Re-sumarize changes since 229-4ubuntu5: + - d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch: + fix build-time tests on machines without IPv6 + - debian/rules: make tests non-fatal to be able to bootstrap + * debian/gbp.conf: configure DEP-14 Apertis branch and tag naming + * .arcconfig: add + - debian/source/options: exclude .arcconfig from Debian diff + * d/control: restore , and :native qualifiers, + and Build-Profiles fields, to reduce delta between Debian/Ubuntu and + Apertis. Our OBS supports these now. + * d/rules: stop forcing DEB_VENDOR=Debian. Our base-files now correctly + set DEB_VENDOR=Apertis, so we don't get Ubuntu's NTP servers and + extra udev rules. + + -- Simon McVittie Thu, 26 May 2016 13:50:14 +0100 + +systemd (229-4ubuntu5co1) 16.06; urgency=low + + * Merge from Ubuntu xenial-updates. Remaining changes: + - SUMMARISE HERE + + -- Merge-o-Matic Thu, 12 May 2016 06:55:06 +0100 + +systemd (229-4ubuntu5) xenial-proposed; urgency=medium + + * debian/udev.postinst: Don't fail if /var/log/udev is a directory. 
+ (LP: #1574004) + * Set MAC based name for USB network interfaces only for universally + administered (i. e. stable) MACs, not for locally administered (i. e. + randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link + (as link files don't currently support globs for MACAddress=) and replace + with an udev rule in /lib/udev/rules.d/73-special-net-names.rules. + (Closes: #812575, LP: #1574483) + * debian/extra/init-functions.d/40-systemd: Invoke status command with + --no-pager, to avoid blocking scripts that call an init.d script with + "status" with an unexpected pager process. (Closes: #765175, LP: #1576409) + * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles + accessible to the user session. This avoids having to install libu2f-host0 + (which isn't discoverable at all) to make those devices work. + (LP: #1387908) + * On shutdown, unmount /tmp before disabling swap. (Closes: #788303) + + -- Martin Pitt Mon, 02 May 2016 15:04:42 -0500 + +systemd (229-4ubuntu4co1) 16.06; urgency=medium + + * Sync from Debian, remaining changes: + * d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch + - Added. Fix build on machines not supporing ipv6 + * debian/rules: Force DEB_VENDOR=debian to get an ubuntu flavoured package + * debian/rules: make tests non-fatal to be able to bootstrap + + -- Héctor Orón Martínez Thu, 05 May 2016 09:34:39 +0200 + +systemd (229-4ubuntu4) xenial; urgency=medium + + * 73-special-net-names.rules: Further refine ibmveth naming. + + -- Martin Pitt Tue, 12 Apr 2016 12:06:30 +0200 + +systemd (229-4ubuntu3) xenial; urgency=medium + + * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages + from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog + by default any more. + * 73-special-net-names.rules: Refine ibmveth naming. 
+ + -- Martin Pitt Tue, 12 Apr 2016 10:43:34 +0200 + +systemd (229-4ubuntu2) xenial; urgency=medium + * debian/tests/unit-config: Call "daemon-reload" to clean up generated units + in between tests. + * debian/tests/unit-config: Check that enable/disable commands are + idempotent. + * debian/tests/unit-config: Detect if system units are in /usr/, so that the + test works on systems with merged /usr. + * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d + directly, so that the test works under Fedora too. + * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit, + and check "systemctl enable" on a unit with full path which is not in the + standard directories. + * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as + it is going to get rules for other devices. Also install it into the + initramfs. + * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based + naming schema for ibmveth devices. (LP: #1561096) + * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper + devices with "change" events, as this causes spurious unmounting with + multipath devices. (LP: #1565969) + * Fix bogus "No [Install] section" warning when enabling a unit with full + path. (LP: #1563590) + + -- Martin Pitt Tue, 12 Apr 2016 09:17:35 +0200 + +systemd (229-4ubuntu1) xenial; urgency=medium + + * Merge with Debian unstable. Remaining Ubuntu changes: + - Hack to support system-image read-only /etc, and modify files in + /etc/writable/ instead. + + Upgrade fixes, keep until 16.04 LTS release: + - systemd Conflicts/Replaces/Provides systemd-services. + - Remove obsolete systemd-logind upstart job. + - Clean up obsolete /etc/udev/rules.d/README. + - systemd.postinst: Migrate mountall specific fstab options to standard + util-linux "nofail" option. + - systemctl: Don't forward telinit u to upstart. 
This works around + upstart's Restart() always reexec'ing /sbin/init on Restart(), even if + that changes to point to systemd during the upgrade. This avoids running + systemd during a dist-upgrade. (LP: #1430479) + - Provide shutdown fallback for upstart. (LP: #1370329) + - Break lvm (<< 2.02.133-1ubuntu1) and remove our dummy /etc/init.d/lvm2 + on upgrades, as it's shipped by lvm2 now. + - Make udev break on mdadm << 3.3-2ubuntu3, as udev's init script dropped + the "Provides: raid-mdadm". + - Clean up /var/log/udev on upgrade (which is written under upstart, but + not under systemd). (LP: #1537211) + - Migrate existing s390x network configuration to new names. (LP: #1526808) + - systemd.postinst: Bump Version comparison for migrating the UTC setting + from /etc/default/rcS to /etc/adjtime, to run it for upgrades to 16.04. + - VMWare BIOS reports implausibly high onboard numbers. This got fixed in + upstream commit 6c1e69f9. Migrate names in ifupdown accordingly. + (LP: #1550539) + - udev: Don't kill peer processes if we don't run in a cgroup. This happens + when running under/upgrading from upstart. udevd and everything else run + in the root hierarchy on all controllers then, and the alleged cleanup of + "our" cgroup becomes a system-wide killing spree. (LP: #1555237) + + -- Martin Pitt Thu, 07 Apr 2016 09:53:25 +0200 + systemd (229-4) unstable; urgency=medium * Fix assertion crash when processing a (broken) device without a sysfs 
@@ -2233,6 +2573,55 @@ -- Martin Pitt Wed, 13 May 2015 12:27:21 +0200 +systemd (219-8co4) 15.09; urgency=medium + + * d/p/logind-save-run-systemd-users-UID-before-starting-us.patch: + update to force the file to be written even though u->started + is false, making the patch effective (Apertis: #324) + * d/p/pam-for-systemd-user-set-a-default-XDG_RUNTIME_DIR-i.patch: + remove workaround, should no longer be needed + + -- Simon McVittie Mon, 22 Jun 2015 13:01:53 +0100 + +systemd (219-8co3) 15.06; urgency=medium + + * d/p/pam-for-systemd-user-set-a-default-XDG_RUNTIME_DIR-i.patch: + work around the XDG_RUNTIME_DIR not always making it into the + PAM session (Apertis: #323) + * d/p/logind-save-run-systemd-users-UID-before-starting-us.patch: + fix one possible source of that race condition + + -- Simon McVittie Wed, 17 Jun 2015 10:42:37 +0100 + +systemd (219-8co2) 15.06; urgency=medium + + * d/p/logind-Save-the-users-state-when-a-session-enters-.patch: + - https://bugs.freedesktop.org/show_bug.cgi?id=90818 + * d/p/logind-Fix-userelectdisplay-to-be-more-stable.patch: + - https://bugs.freedesktop.org/show_bug.cgi?id=90769 + (Apertis: #279) + * d/p/logind-Add-a-udev-rule-to-tag-all-DRM-cards-with-m.patch: + - https://bugs.freedesktop.org/show_bug.cgi?id=90822 + (Apertis: #136) + + -- Hector Oron Tue, 02 Jun 2015 17:13:10 +0200 + +systemd (219-8co1) 15.06; urgency=medium + + * Sync from Debian, remaining changes: + - Avoid the need for ln --relative (debian/ln-s-r.py + d/p/work-around-relative-ln.patch) + * d/p/build-with-old-tar.patch: + - Added. Fix build with old tar that doesn't understand -J + * d/p/test-socket-util-Fix-tests-on-machines-without-ipv6-.patch + - Added. Fix build on machines not supporing ipv6 + * d/p/journal-add-int-audit-type-name-mapping.patch + * d/p/journal-use-audit-event-names-instead-of-numbers.patch + - Added. 
Make audit naming more human readable + * debian/rules: Force DEB_VENDOR=debian to get an ubuntu flavoured package + + -- Sjoerd Simons Thu, 30 Apr 2015 17:09:37 +0200 + systemd (219-8) experimental; urgency=medium [ Michael Biebl ] @@ -4495,3 +4884,4 @@ * Initial release, upload to experimental. Closes: #580814 -- Tollef Fog Heen Fri, 30 Apr 2010 21:02:25 +0200 + diff -Nru systemd-232/debian/gbp.conf systemd-232/debian/gbp.conf --- systemd-232/debian/gbp.conf 2017-06-04 20:58:32.000000000 +0000 +++ systemd-232/debian/gbp.conf 2018-10-29 10:19:51.000000000 +0000 @@ -1,8 +1,13 @@ [DEFAULT] pristine-tar = True patch-numbers = False -debian-branch = stretch +debian-branch = apertis/master +debian-tag = apertis/%(version)s +upstream-branch = upstream/latest [dch] full = True multimaint-merge = True +ignore-branch = True +meta-closes = Apertis +meta-closes-bugnum = (?:https://phabricator.apertis.org/)?(T?\d+) diff -Nru systemd-232/debian/patches/apertis/Don-t-use-V-argument-to-sort.patch systemd-232/debian/patches/apertis/Don-t-use-V-argument-to-sort.patch --- systemd-232/debian/patches/apertis/Don-t-use-V-argument-to-sort.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-232/debian/patches/apertis/Don-t-use-V-argument-to-sort.patch 2018-09-21 12:41:22.000000000 +0000 
@@ -0,0 +1,26 @@ +From: Sjoerd Simons +Date: Tue, 11 Jul 2017 09:33:47 +0200 +Subject: Don't use -V argument to sort + +The older GPLv2 coreutils sort doesn't implement sort -V. Dropping -V +typically isn't harmfull as long as all dropins start with 2 digits for +ordering purposes + +Signed-off-by: Sjoerd Simons +--- + src/kernel-install/kernel-install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install +index 0c0ee71..bb62c20 100644 +--- a/src/kernel-install/kernel-install ++++ b/src/kernel-install/kernel-install +@@ -41,7 +41,7 @@ dropindirs_sort() + echo "${i##*/}" + fi + done +- done | sort -Vu ++ done | sort -u + ) + + for f in "${files[@]}"; do diff -Nru systemd-232/debian/patches/fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch systemd-232/debian/patches/fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch --- systemd-232/debian/patches/fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-232/debian/patches/fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch 2018-09-21 12:41:22.000000000 +0000 
@@ -0,0 +1,23 @@ +From: Sjoerd Simons +Date: Tue, 28 Aug 2018 09:32:18 +0200 +Subject: fd-util: accept that kcmp might fail with EPERM/EACCES + +In a container the kcmp call might well be blocked; Accept that and fall +back to fstat in that case. +--- + src/basic/fd-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c +index 5c82033..8ec98e8 100644 +--- a/src/basic/fd-util.c ++++ b/src/basic/fd-util.c +@@ -290,7 +290,7 @@ int same_fd(int a, int b) { + return true; + if (r > 0) + return false; +- if (errno != ENOSYS) ++ if (!IN_SET(errno, ENOSYS, EACCES, EPERM)) + return -errno; + + /* We don't have kcmp(), use fstat() instead. */ diff -Nru systemd-232/debian/patches/mount-util-accept-that-name_to_handle_at-might-fail-with-.patch systemd-232/debian/patches/mount-util-accept-that-name_to_handle_at-might-fail-with-.patch --- systemd-232/debian/patches/mount-util-accept-that-name_to_handle_at-might-fail-with-.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-232/debian/patches/mount-util-accept-that-name_to_handle_at-might-fail-with-.patch 2018-09-21 12:41:22.000000000 +0000 
@@ -0,0 +1,46 @@ +From: Lennart Poettering +Date: Wed, 1 Mar 2017 17:35:05 +0100 +Subject: mount-util: accept that name_to_handle_at() might fail with EPERM + (#5499) + +Container managers frequently block name_to_handle_at(), returning +EACCES or EPERM when this is issued. Accept that, and simply fall back +to to fdinfo-based checks. + +Note that we accept either EACCES or EPERM here, as container managers +can choose the error code and aren't very good on agreeing on just one. + +(note that this is a non-issue with nspawn, as we permit +name_to_handle_at() there, only block open_by_handle_at(), which should +be sufficiently safe). +--- + src/basic/mount-util.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c +index 5d37fb4..265d5fd 100644 +--- a/src/basic/mount-util.c ++++ b/src/basic/mount-util.c +@@ -111,9 +111,10 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { + + r = name_to_handle_at(fd, filename, &h.handle, &mount_id, flags); + if (r < 0) { +- if (errno == ENOSYS) +- /* This kernel does not support name_to_handle_at() +- * fall back to simpler logic. */ ++ if (IN_SET(errno, ENOSYS, EACCES, EPERM)) ++ /* This kernel does not support name_to_handle_at() at all, or the syscall was blocked (maybe ++ * through seccomp, because we are running inside of a container?): fall back to simpler ++ * logic. 
*/ + goto fallback_fdinfo; + else if (errno == EOPNOTSUPP) + /* This kernel or file system does not support +@@ -162,7 +163,7 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { + + fallback_fdinfo: + r = fd_fdinfo_mnt_id(fd, filename, flags, &mount_id); +- if (IN_SET(r, -EOPNOTSUPP, -EACCES)) ++ if (IN_SET(r, -EOPNOTSUPP, -EACCES, -EPERM)) + goto fallback_fstat; + if (r < 0) + return r; diff -Nru systemd-232/debian/patches/series systemd-232/debian/patches/series --- systemd-232/debian/patches/series 2017-06-04 20:58:32.000000000 +0000 +++ systemd-232/debian/patches/series 2018-09-21 12:41:22.000000000 +0000 @@ -91,3 +91,6 @@ debian/Let-graphical-session-pre.target-be-manually-started.patch debian/Add-env-variable-for-machine-ID-path.patch cryptsetup-generator-run-cryptsetup-service-before-swap-u.patch +apertis/Don-t-use-V-argument-to-sort.patch +mount-util-accept-that-name_to_handle_at-might-fail-with-.patch +fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch diff -Nru systemd-232/debian/rules systemd-232/debian/rules --- systemd-232/debian/rules 2017-06-04 20:58:32.000000000 +0000 +++ systemd-232/debian/rules 2018-10-29 10:19:51.000000000 +0000 @@ -20,7 +20,7 @@ ifupdown (<< 0.8), \ keyboard-configuration (<< 1.141), \ kbd (<< 2.0.3-2), \ - nfs-common (<< 1:1.2.8-9.1), \ + nfs-common (<< 1:1.2.8-9ubuntu4), \ rpcbind (<< 0.2.3-0.1), \ hdparm (<< 9.48+ds-1), \ screen (<< 4.3.1-2), \ diff -Nru systemd-232/debian/source/options systemd-232/debian/source/options --- systemd-232/debian/source/options 1970-01-01 00:00:00.000000000 +0000 +++ systemd-232/debian/source/options 2018-09-21 12:41:22.000000000 +0000 @@ -0,0 +1 @@ +extend-diff-ignore = ^\.arcconfig$
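Review bot: The new 232-25co2 changelog entry carries two `Signed-off-by: Sjoerd Simons` lines inside the bullet text. These are commit trailers, most likely pulled in when the entry was generated from commit messages, and do not belong in debian/changelog. Drop them. The nfs-common bullet also needs rewording so it says which bound was changed and why, rather than reading as a pasted commit body.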
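Review bot: In the changelog hunk at `@@ -1058,7 +1086,6 @@`, the only change is the deletion of the empty line after the `systemd (229-5) unstable; urgency=medium` header. This whitespace-only edit to a historical Debian entry adds to the delta that must be carried through every merge. Restore the blank line so the old entries stay identical to Debian's.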
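Review bot: The restored `systemd (229-4ubuntu5co1) 16.06` entry in the large changelog hunk still contains the Merge-o-Matic placeholder `- SUMMARISE HERE` under "Remaining changes". Anyone auditing which downstream changes that upload carried gets nothing from it. Either fill it in from the 229-4ubuntu5co2 re-summary, or note in the entry that the summary was never written. The same hunk restores the entries for LP: #1628687 (the zero-length notify message local DoS), so it is worth confirming that the patches those entries name are either in the 232 series or superseded upstream, and saying so in the top entry.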
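Review bot: In debian/gbp.conf, `meta-closes-bugnum = (?:https://phabricator.apertis.org/)?(T?\d+)` leaves the dots in the hostname unescaped, so each one matches any character. Write it as `phabricator\.apertis\.org`. Since `T?` is optional, a bare number after the `Apertis:` marker is also treated as a task id. If only Phabricator tasks are meant to be closed, make the `T` mandatory.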
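Review bot: In Don-t-use-V-argument-to-sort.patch, replacing `sort -Vu` with `sort -u` in dropindirs_sort() makes the execution order of kernel-install drop-ins depend on plain collation. Nothing in the script enforces the two-digit prefix that the commit message relies on. Plain `sort` is also locale dependent, so use `LC_ALL=C sort -u` to keep the order stable across build and target environments. Add a comment next to the pipeline stating the naming assumption. The patch header also has no Forwarded or Origin field to show it is an Apertis-only change.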
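Review bot: In fd-util-accept-that-kcmp-might-fail-with-EPERM-EACCES.patch, same_fd() now falls through to the fstat() path on `EACCES` and `EPERM`, but the comment right below the changed line still reads "We don't have kcmp(), use fstat() instead." Update it to say the syscall may also have been blocked, as the mount-util patch does for name_to_handle_at(). Unlike the other two new patches, this header has no Signed-off-by and no upstream reference. Add Origin/Forwarded information so the next merge can tell whether it is still needed.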
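Review bot: In the mount-util patch, the second inner hunk extends the check after `fd_fdinfo_mnt_id()` to `IN_SET(r, -EOPNOTSUPP, -EACCES, -EPERM)`, but neither the commit message nor a code comment explains why `-EPERM` is expected there. The description covers only name_to_handle_at(). Add a one-line comment at `fallback_fdinfo:` giving the reason. With both changes applied, a real permission failure on the path and a seccomp-blocked syscall take the same route down to `fallback_fstat`, so confirm that the fstat path still returns the error for the former instead of a mount-point answer.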
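Review bot: In debian/rules, the Breaks bound changes from `nfs-common (<< 1:1.2.8-9.1)` to `nfs-common (<< 1:1.2.8-9ubuntu4)`. Under dpkg version ordering the new bound sorts below the old one, so any revision between the two is no longer declared broken. That is fine for an Ubuntu-derived archive, but the rationale is recorded only in the changelog. Add a comment above the Breaks list, and list this change under "Remaining changes" at the next merge, so the Debian value is not silently restored.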